FORT MEADE, Md. – The National Security Agency (NSA) is releasing a Cybersecurity Information Sheet (CSI) today that details curtailing adversarial lateral movement within an organization’s network to access sensitive data and critical systems. The CSI, entitled “Advancing Zero Trust Maturity Throughout the Network and Environment Pillar,” provides guidance on how to strengthen internal network control and contain network intrusions to a segmented portion of the network using Zero Trust principles.
“Organizations need to operate with a mindset that threats exist within the boundaries of their systems,” said NSA Cybersecurity Director Rob Joyce. “This guidance is intended to arm network owners and operators with the processes they need to vigilantly resist, detect, and respond to threats that exploit weaknesses or gaps in their enterprise architecture.”
The network and environment pillar–one of seven pillars that make up the Zero Trust framework–isolates critical resources from unauthorized access by defining network access, controlling network and data flows, segmenting applications and workloads, and using end-to-end encryption, according to the CSI.
The CSI outlines the key capabilities of the network and environment pillar, including data flow mapping, macro and micro segmentation, and software defined networking.
NSA is assisting DoD customers in piloting Zero Trust systems and is developing additional Zero Trust guidance for incorporating Zero Trust principles and designs into enterprise networks.
This guidance expands on NSA’s previously released CSIs, “Embracing a Zero Trust Security Model,” “Advancing Zero Trust Maturity Throughout the User Pillar,” and “Advancing Zero Trust Maturity Throughout the Device Pillar.”
Read the full report here.
Visit our full library for more cybersecurity information and technical guidance.
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721